crypto/rand: use new Linux vDSO #69577

Closed
@FiloSottile

In Linux 6.11 @zx2c4 introduced a vDSO for the random number generator, which avoids the system call overhead of calling getrandom, similarly to how arc4random() works on the BSDs. The motivation is explained eloquently in the lkml patch set, but it boils down to "it would be nice to have the security of a kernel CSPRNG with the speed of a userspace CSPRNG" and indeed it would be nice if crypto/rand was so fast that no one ever reached for something else.

It was pulled in Linux 6.11 (released 2024-09-15) and Linux 6.12 will add arm64, powerpc64, powerpc32, s390x, and loongarch64 support. It doesn't seem to be documented in the kernel Documentation or in the man pages, but the patch set explains the API (and there's this LWN article, too).

I just finished mailing a chain of crypto/rand changes and I wanted to add this on top, but the vDSO mechanism is too deep in the runtime for me to feel confident wiring it in. If someone else (@ianlancetaylor maybe?) wanted to make the runtime changes to expose the vDSO function, happy to then do the crypto/rand ones.

/cc @golang/security

Labels

FixPending (Issues that have a fix which has not yet been reviewed or submitted.), OS-Linux
